Not hit this myself, but seems likely it's coming for many of us.

Just wondering if bouncing the winrm service might fix this? Or a 
Restart-Computer (I'd recommend the win_reboot role on galaxy if it really 
does need a reboot) - so many things in windows still need a reboot :-(

I guess it will need to renegotiate after a change like this has been 
made.  

Noticed this when I was searching around - 
https://support.microsoft.com/en-us/kb/3080079 if remote desktop needed a 
change then maybe winrm does too?  No idea at this point if they share any 
logic.

Please let us know if the restart does the trick

Jon


On Tuesday, January 26, 2016 at 2:53:30 AM UTC, Chris Carlson wrote:
>
> Recently, I've undertaken the task of PCI Compliance for several servers I 
> manage. One of the recurring recommendations is to disable TLS 1.0 in favor 
> of TLS 1.1/1.2. 
>
> The good news.. Disabling TLS 1.0 on a group of servers is super easy 
> using Ansible! Sadly, one of the side effects of disabling is that the 
> WinRM connection in my Ansible scripts becomes completely broken afterward. 
> After disabling, connecting to Windows servers results in the following 
> error:
>
> fatal: [10.0.20.20]: FAILED! => {"failed": true, "msg": "ERROR! ssl: 500 
> WinRMTransport. [Errno 54] Connection reset by peer"}
>
> Re-enabling TLS 1.0 will correct the issue, but obviously it's not ideal 
> and I'm wondering what can be done.. So, some questions:
>
> 1. Is TLS 1.0 required in Windows, or is it something in pywinrm package?
> 2. If TLS 1.0 must be used, is there an interim solution where it can be 
> disabled for IIS (port 443) only? The only solutions I have found online 
> disable it in the SCHANNEL/Protocols registry key, which then disables it 
> system-wide in Windows
> 3. Has anyone run into this problem or discovered another workaround?
>
> Thanks, looking forward to discussing!
>
> -chris
>
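
Added example, not part of either message above and not code from Ansible or pywinrm: a client-side check for question 1, run from the Ansible control machine, that attempts one handshake per TLS version against the WinRM HTTPS listener and reports which ones the server accepts. The port 5986 default (the standard WinRM HTTPS port) and the function names `probe`, `probe_all` and `diagnose` are assumptions of this example.

```python
import socket
import ssl
import warnings

# Protocol versions to test, oldest first.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}


def probe(host, port, version, timeout=5.0):
    """Attempt one handshake pinned to `version`; return (ok, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: WinRM listeners often use self-signed certificates,
    # and this check is about protocol negotiation, not certificate trust.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            # Pinning old versions raises a DeprecationWarning on newer Pythons.
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except (ssl.SSLError, OSError, ValueError) as exc:
        # Includes "Connection reset by peer", the symptom quoted in the thread.
        return False, f"{type(exc).__name__}: {exc}"


def probe_all(host, port=5986):  # 5986: assumed default WinRM HTTPS port
    """Map each protocol label to the (ok, detail) result of its handshake."""
    return {label: probe(host, port, v) for label, v in VERSIONS.items()}


def diagnose(results):
    """Summarise probe results for the 'TLS 1.0 disabled' situation."""
    accepted = [label for label, (ok, _) in results.items() if ok]
    if not accepted:
        return "no handshake succeeded: listener down, or no shared protocol"
    if accepted == ["TLSv1.0"]:
        return "server only accepts TLS 1.0: disabling it will break WinRM"
    if "TLSv1.0" in accepted:
        return "TLS 1.0 still enabled; newer versions also accepted"
    return "TLS 1.0 rejected; client must negotiate " + "/".join(accepted)
```

A failed TLS 1.0 probe can also come from the local OpenSSL policy refusing that version, so read the `detail` string before attributing a failure to the server.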
